Kit4Some/skills/careful
skills/careful/SKILL.md
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly. Run: node scripts/gen-skill-docs.mjs --> --- name: careful description: > Safety guardrails for destructive commands. Warns before rm -rf, DROP TABLE, force-push, git reset --hard, kubectl delete, and similar destructive operations. Triggers on "careful", "조심", "안전 모드", "prod mode", "safety mode", "프로덕션 모드", "be careful", "careful mode". allowed-tools: - Bash - Read hooks: PreToolUse: - matcher: "Bash" hooks:
$ install --global
skillsauthnpx skillsauth add Kit4Some/Oh-my-ClaudeClaw skills/carefulInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 10:46 PM175.9s3 files scanned
SKILL.md
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly. Run: node scripts/gen-skill-docs.mjs -->
name: careful description: > Safety guardrails for destructive commands. Warns before rm -rf, DROP TABLE, force-push, git reset --hard, kubectl delete, and similar destructive operations. Triggers on "careful", "조심", "안전 모드", "prod mode", "safety mode", "프로덕션 모드", "be careful", "careful mode". allowed-tools:
- Bash
- Read
hooks:
PreToolUse:
- matcher: "Bash"
hooks:
- type: command command: "bash ${CLAUDE_SKILL_DIR}/bin/check-careful.sh" statusMessage: "Checking for destructive commands..."
- matcher: "Bash"
hooks:
/careful — Destructive Command Guardrails
Safety mode is now active. Every bash command will be checked for destructive patterns before running. If a destructive command is detected, you'll be warned and can choose to proceed or cancel.
Preamble
Before executing this skill:
-
Load context from memory:
memory_search(query: "{skill-relevant-query}", associative: true, limit: 5) memory_search(tag: "{skill-name}", limit: 3)Review returned memories for relevant past context, decisions, and patterns.
-
Check OMC state for active work:
state_get_status()If conflicting active tasks exist, warn the user before proceeding.
-
Detect current branch (for git-related skills):
git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "not-a-git-repo" -
Check proactive mode:
state_read("occ-proactive")If
"false": do NOT proactively suggest other OpenClaw-CC skills during this session. Only run skills the user explicitly invokes. -
Log skill activation:
memory_daily_log(type: "note", entry: "Skill activated: /{skill-name}")
What's protected
| Pattern | Example | Risk |
|---------|---------|------|
| rm -rf / rm -r / rm --recursive | rm -rf /var/data | Recursive delete |
| DROP TABLE / DROP DATABASE | DROP TABLE users; | Data loss |
| TRUNCATE | TRUNCATE orders; | Data loss |
| git push --force / -f | git push -f origin main | History rewrite |
| git reset --hard | git reset --hard HEAD~3 | Uncommitted work loss |
| git checkout . / git restore . | git checkout . | Uncommitted work loss |
| kubectl delete | kubectl delete pod | Production impact |
| docker rm -f / docker system prune | docker system prune -a | Container/image loss |
| DELETE FROM (without WHERE) | DELETE FROM users | Mass data deletion |
Safe exceptions
These patterns are allowed without warning:
rm -rf node_modules/.next/dist/__pycache__/.cache/build/.turbo/coverage/.omc
How it works
The hook reads the command from the tool input JSON, checks it against the
patterns above, and returns permissionDecision: "ask" with a warning message
if a match is found. You can always override the warning and proceed.
Memory Integration
memory_daily_log(type: "note", entry: "Safety mode activated: /careful")
To deactivate, end the conversation or start a new one. Hooks are session-scoped.
Completion Status Protocol
Every skill must end with one of these status codes:
| Code | Meaning | When to Use | |------|---------|-------------| | DONE | All steps completed, evidence provided | Root cause found + fix verified, PR created, review finished | | DONE_WITH_CONCERNS | Completed with warnings or caveats | Tests pass but coverage dropped, fix applied but can't fully verify | | BLOCKED | Cannot proceed, requires user intervention | 3 failed attempts, missing permissions, external dependency down | | NEEDS_CONTEXT | Missing information to continue | Unclear requirements, need user clarification |
Escalation Rules
-
3-strike rule: After 3 failed attempts at any step, STOP and escalate to user. Do not continue guessing. Present what was tried and ask for direction.
-
Scope escalation: If fix/change touches 5+ files unexpectedly, pause and confirm with the user before proceeding.
-
Security uncertainty: If you are unsure about a security implication, STOP and escalate. Never guess on security.
-
Verification requirement: Never claim DONE without evidence.
- "Should work" → RUN IT. Confidence is not evidence.
- "Already tested earlier" → Code changed since. Test again.
- "Trivial change" → Trivial changes break production.
Output Format
═══════════════════════════════════════
Status: {DONE | DONE_WITH_CONCERNS | BLOCKED | NEEDS_CONTEXT}
Summary: {one-line description of outcome}
Evidence: {test output, verification results, or blocking reason}
═══════════════════════════════════════
Related Skills
Kit4Some/skills/web-researcher
development
VerifiedTrustedCommunity
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly. Run: node scripts/gen-skill-docs.mjs --> --- name: web-researcher description: > Web research with OMC team parallel execution. Triggers on "웹에서 찾아", "최신 정보", "리서치해", "동향", "web research", "find online", "latest info", "look up", "search the web", "trend analysis" and similar. v3: Spawns research-agent in parallel for multi-angle search. Deduplicates via memory_similar. Builds knowledge graph connections. For comprehensive
2SKILL.mdUpdated Apr 22, 2026
Kit4Some/skills/unfreeze
tools
VerifiedTrustedCommunity
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly. Run: node scripts/gen-skill-docs.mjs --> --- name: unfreeze description: > Remove edit scope restriction set by /freeze or /guard. Triggers on "unfreeze", "편집 제한 해제", "잠금 해제", "remove freeze", "unlock edits". allowed-tools: - Bash - Read --- # /unfreeze — Remove Edit Restrictions ## Preamble Before executing this skill: 1. **Load context from memory**: ``` memory_search(query: "{skill-relevant-query}", associative:
2SKILL.mdUpdated Apr 22, 2026
Kit4Some/skills/task-analyzer
tools
VerifiedTrustedCommunity
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly. Run: node scripts/gen-skill-docs.mjs --> --- name: task-analyzer allowed-tools: - Bash - Read - Write - Edit - Glob - Grep - Agent - AskUserQuestion - WebSearch description: > Autonomously analyzes and executes tasks with a structured plan. Triggers on "분석해", "작업 계획", "이거 해줘", "자동으로 처리해", "계획 세워", "workflow 만들어", "analyze", "task plan", "do this", "handle automatically", "make a plan", "create a workflow",
2SKILL.mdUpdated Apr 22, 2026
Kit4Some/skills/ship
development
VerifiedTrustedCommunity
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly. Run: node scripts/gen-skill-docs.mjs --> --- name: ship description: > Automated release workflow with comprehensive quality gates. Triggers on "배포", "릴리스", "ship it", "PR 만들어", "release", "deploy", "create PR", "push this", "ship". Non-interactive: user says /ship, next thing they see is the PR URL. Delegates commit organization to OMC git-master, review to code-reviewer, verification to verifier. Sends PR notification vi
2SKILL.mdUpdated Apr 22, 2026